diff --git a/hack/build-carvel-packages.sh b/hack/build-carvel-packages.sh index edd7fc03..3ab9a557 100755 --- a/hack/build-carvel-packages.sh +++ b/hack/build-carvel-packages.sh @@ -120,8 +120,6 @@ do log_note "Generating PackageRepository Package entry for ${resource_name}" # publish package versions to package repository - # TODO: what is package_image_repo? - # TODO: package_version should just become version, no need for it to not match. package_repository_dir="deploy_carvel/package_repository/packages/${resource_qualified_name}" rm -rf "${package_repository_dir}" mkdir "${package_repository_dir}" @@ -293,7 +291,6 @@ SECRET_NAME="${resource_name}-package-install-secret" concierge_app_name="pinniped-concierge" concierge_namespace="concierge" webhook_url="https://local-user-authenticator.local-user-authenticator.svc/authenticate" -webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')" discovery_url="$(TERM=dumb kubectl cluster-info | awk '/master|control plane/ {print $NF}')" concierge_custom_labels="{myConciergeCustomLabelName: myConciergeCustomLabelValue}" log_level="debug" @@ -400,7 +397,6 @@ kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_N log_note "appending environment variables to /tmp/integration-test-env" -# TODO: since I pulled these out of the main script, I'll have to put them back as well. # To be "finished" the scripts need to work for both the ytt deploy and the carvel package, # regardless of which branch the user takes. integration_env_file="/tmp/integration-test-env" @@ -410,7 +406,6 @@ cat <"${integration_env_file}" export PINNIPED_TEST_USER_USERNAME=${test_username} export PINNIPED_TEST_USER_GROUPS=${test_groups} export PINNIPED_TEST_USER_TOKEN=${test_username}:${test_password} -export PINNIPED_TEST_WEBHOOK_CA_BUNDLE=${webhook_ca_bundle} EOT echo "${integration_env_file_text}" >> "${integration_env_file}" diff --git a/hack/prepare-for-integration-tests.sh b/hack/prepare-for-integration-tests.sh index 19c45b03..203d93b1 100755 --- a/hack/prepare-for-integration-tests.sh +++ b/hack/prepare-for-integration-tests.sh @@ -276,7 +276,7 @@ manifest=/tmp/pinniped-local-user-authenticator.yaml test_username="" test_groups="" test_password="" -webhook_ca_bundle="undefined" +webhook_ca_bundle="" if [ "$alternate_deploy" != "undefined" ] || [ "$alternate_deploy_local_user_authenticator" != "undefined" ] ; then if [ "$alternate_deploy" != "undefined" ]; then log_note "The Pinniped local-user-authenticator will be deployed with $alternate_deploy local-user-authenticator $tag..." @@ -295,7 +295,6 @@ else kapp deploy --yes --app local-user-authenticator --diff-changes --file "$manifest" kubectl apply --dry-run=client -f "$manifest" # Validate manifest schema. - webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')" test_username="test-username" test_groups="test-group-0,test-group-1" @@ -412,6 +411,16 @@ else popd >/dev/null fi +# +# Call a post-install script +# simplifies passing the $tag which may be necessary if the current local build is to be +# referenced, for example, deploying via a Carvel package rather than our ytt mechanism +# running it after the above also allows appending to the environment variable file +if [ "$post_install" != "undefined" ] ; then + log_note "The post-install script will be called with $tag..." + $post_install post-install-script $tag +fi + # # Download the test CA bundle that was generated in the Dex pod. # Note that this returns a base64 encoded value. @@ -428,6 +437,8 @@ test_ca_bundle_pem="$(kubectl get secrets -n tools certs -o go-template='{{index kind_capabilities_file="$pinniped_path/test/cluster_capabilities/kind.yaml" pinniped_cluster_capability_file_content=$(cat "$kind_capabilities_file") +# however it was installed, we need the CA bundle now +webhook_ca_bundle="$(kubectl get secret local-user-authenticator-tls-serving-certificate --namespace local-user-authenticator -o 'jsonpath={.data.caCertificate}')" cat </tmp/integration-test-env # The following env vars should be set before running 'go test -v -count 1 -timeout 0 ./test/integration' @@ -502,17 +513,6 @@ export PINNIPED_TEST_CLUSTER_CAPABILITY_YAML EOF -# -# Call a post-install script -# simplifies passing the $tag which may be necessary if the current local build is to be -# referenced, for example, deploying via a Carvel package rather than our ytt mechanism -# running it after the above also allows appending to the environment variable file -if [ "$post_install" != "undefined" ] ; then - log_note "The post-install script will be called with $tag..." - $post_install post-install-script $tag -fi - - # # Print instructions for next steps. #